motiejus/config
1
Fork 0
Code Packages Releases Activity

configure grafana oidc

Browse Source 
client id: 5349c113-467d-4b95-a61b-264f2d844da8
This commit is contained in:
Motiejus Jakštys
2023-08-14 15:30:01 +03:00
parent 5a7a32f1e0
commit c8caae7d99
4 changed files with 35 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
hosts/vno1-oh2/configuration.nix
View File

@@ -157,6 +157,16 @@
http_addr = "0.0.0.0";
http_port = myData.ports.grafana;
};
auth.oauth_allow_insecure_email_lookup = true;
"auth.generic_oauth" = {
enabled = true;
client_id = "5349c113-467d-4b95-a61b-264f2d844da8";
client_secret = "$__file{/run/grafana/oidc-secret}";
auth_url = "https://git.jakstys.lt/login/oauth/authorize";
api_url = "https://git.jakstys.lt/login/oauth/userinfo";
token_url = "https://git.jakstys.lt/login/oauth/access_token";
};
feature_toggles.accessTokenExpirationCheck = true;
};
};
@@ -215,6 +225,14 @@
wants = ["nsd-acme-grafana.jakstys.lt.service"];
};
grafana = {
preStart = "ln -sf $CREDENTIALS_DIRECTORY/oidc /run/grafana/oidc-secret";
serviceConfig = {
RuntimeDirectory = "grafana";
LoadCredential = ["oidc:${config.age.secrets.grafana-oidc.path}"];
};
};
cert-watcher = {
description = "Restart caddy when tls keys/certs change";
wantedBy = ["multi-user.target"];